System Logs

Overview

Evidence: System Logs Description: Collect System Logs Category: System Platform: linux Short Name: sysl Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Linux syslog contains comprehensive system-wide logs including application messages, system events, and daemon activities. It's the primary logging facility on Debian-based systems (Ubuntu, Debian) and captures all non-kernel system messages.

Data Collected

This collector gathers structured data about system logs.

Collection Method

This collector gathers syslog files from /var/log/syslog*, including rotated logs, which contain timestamped system events and application messages.

Forensic Value

Syslog is critical for investigating system events, application activities, service failures, and security incidents. It provides a comprehensive timeline of system operations essential for incident response and forensic analysis.